CVE.report search for "CVE-2026-4335"
Listed below are 50 relevant search results for "CVE-2026-4335" based on Vendor, Software, and CVE description.
These results are gathered from attempted matches with listed vendor and software data, as well as a keyword search in the description of all known CVEs.
If you notice a "Not Listed" in either the vendor or software columns, the underlying source record does not currently include normalized affected-product data.
Search Results
| CVE ID | Vendor | Software | Description |
|---|---|---|---|
| CVE-2026-41909 | | | OpenClaw before 2026.4.20 contains an improper authorization vulnerability in paired-device pairing management that allows li... |
| CVE-2026-41908 | | | OpenClaw before 2026.4.20 contains a scope enforcement bypass vulnerability in the assistant-media route that allows trusted-... |
| CVE-2026-41679 | | | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416... |
| CVE-2026-41389 | | | OpenClaw versions 2026.4.7 before 2026.4.15 fail to enforce local-root containment on tool-result media paths, allowing arbit... |
| CVE-2026-41361 | | | OpenClaw before 2026.3.28 contains an SSRF guard bypass vulnerability that fails to block four IPv6 special-use ranges. Attac... |
| CVE-2026-41360 | | | OpenClaw before 2026.4.2 contains an approval integrity vulnerability in pnpm dlx that fails to bind local script operands co... |
| CVE-2026-41359 | | | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability allowing authenticated operators with write permissio... |
| CVE-2026-41358 | | | OpenClaw before 2026.4.2 fails to filter Slack thread context by sender allowlist, allowing non-allowlisted messages to enter... |
| CVE-2026-41357 | | | OpenClaw before 2026.3.31 contains an environment variable leakage vulnerability in SSH-based sandbox backends that pass unsa... |
| CVE-2026-41356 | | | OpenClaw before 2026.3.31 fails to terminate active WebSocket sessions when rotating device tokens. Attackers with previously... |
| CVE-2026-41355 | | | OpenShell before 2026.3.28 contains an arbitrary code execution vulnerability in mirror mode that converts untrusted sandbox ... |
| CVE-2026-41354 | | | OpenClaw before 2026.4.2 contains an insufficient scope vulnerability in Zalo webhook replay dedupe keys that allows legitima... |
| CVE-2026-41353 | | | OpenClaw before 2026.3.22 contains an access control bypass vulnerability in the allowProfiles feature that allows attackers ... |
| CVE-2026-41352 | | | OpenClaw before 2026.3.31 contains a remote code execution vulnerability where a device-paired node can bypass the node scope... |
| CVE-2026-41351 | | | OpenClaw before 2026.3.31 contains a replay detection bypass vulnerability in webhook signature handling that treats Base64 a... |
| CVE-2026-41350 | | | OpenClaw before 2026.3.31 contains a session visibility bypass vulnerability where the session_status function fails to enfor... |
| CVE-2026-41349 | | | OpenClaw before 2026.3.28 contains an agentic consent bypass vulnerability allowing LLM agents to silently disable execution ... |
| CVE-2026-41348 | | | OpenClaw before 2026.3.31 contains an authorization bypass vulnerability in Discord slash command and autocomplete paths that... |
| CVE-2026-41347 | | | OpenClaw before 2026.3.31 lacks browser-origin validation in HTTP operator endpoints when operating in trusted-proxy mode, al... |
| CVE-2026-41346 | | | OpenClaw 2026.2.26 before 2026.3.31 enforces pending pairing-request caps per channel file instead of per account, allowing a... |
| CVE-2026-41345 | | | OpenClaw before 2026.3.31 contains a credential exposure vulnerability in media download functionality that forwards Authoriz... |
| CVE-2026-41344 | | | OpenClaw before 2026.3.28 contains a privilege escalation vulnerability in the chat.send endpoint that allows write-scoped ga... |
| CVE-2026-41343 | | | OpenClaw before 2026.3.31 lacks a shared pre-auth concurrency budget on the public LINE webhook path, allowing attackers to c... |
| CVE-2026-41342 | | | OpenClaw before 2026.3.28 contains an authentication bypass vulnerability in the remote onboarding component that persists un... |
| CVE-2026-41341 | | | OpenClaw before 2026.3.31 contains a logic error in Discord component interaction routing that misclassifies group direct mes... |
| CVE-2026-41340 | | | OpenClaw before 2026.3.31 contains an authentication boundary vulnerability where Telegram legacy allowFrom migration incorre... |
| CVE-2026-41339 | | | OpenClaw before 2026.4.2 exposes configPath and stateDir metadata in Gateway connect success snapshots to non-admin authentic... |
| CVE-2026-41338 | | | OpenClaw before 2026.3.31 contains a time-of-check-time-of-use vulnerability in sandbox file operations that allows attackers... |
| CVE-2026-41337 | | | OpenClaw before 2026.3.31 contains a callback origin mutation vulnerability in Plivo voice-call replay that allows attackers ... |
| CVE-2026-41336 | | | OpenClaw before 2026.3.31 allows workspace .env files to override the OPENCLAW_BUNDLED_HOOKS_DIR environment variable, enabli... |
| CVE-2026-41335 | | | OpenClaw before 2026.3.31 contains an information disclosure vulnerability in the Control Interface bootstrap JSON that expos... |
| CVE-2026-41334 | | | OpenClaw before 2026.3.31 contains a decompression bomb vulnerability in image processing that fails to properly enforce pixe... |
| CVE-2026-41333 | | | OpenClaw before 2026.3.31 contains an authentication rate limiting bypass vulnerability that allows attackers to circumvent s... |
| CVE-2026-41332 | | | OpenClaw before 2026.3.28 contains an environment variable sanitization vulnerability where GIT_TEMPLATE_DIR and AWS_CONFIG_F... |
| CVE-2026-41331 | | | OpenClaw before 2026.3.31 contains a resource consumption vulnerability in Telegram audio preflight transcription that allows... |
| CVE-2026-41330 | | | OpenClaw before 2026.3.31 contains an environment variable override vulnerability in host exec policy that fails to properly ... |
| CVE-2026-41329 | | | OpenClaw before 2026.3.31 contains a sandbox bypass vulnerability allowing attackers to escalate privileges via heartbeat con... |
| CVE-2026-41303 | | | OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in Discord text approval commands that allows non-ap... |
| CVE-2026-41302 | | | OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionali... |
| CVE-2026-41301 | | | OpenClaw versions 2026.3.22 before 2026.3.31 contain a signature verification bypass vulnerability in the Nostr DM ingress pa... |
| CVE-2026-41300 | | | OpenClaw before 2026.3.31 contains a trust-decline vulnerability that preserves attacker-discovered endpoints in remote onboa... |
| CVE-2026-41299 | | | OpenClaw before 2026.3.28 contains an authorization bypass vulnerability in the chat.send gateway method where ACP-only prove... |
| CVE-2026-41298 | | | OpenClaw before 2026.4.2 fails to enforce write scopes on the POST /sessions/:sessionKey/kill endpoint in identity-bearing HT... |
| CVE-2026-41297 | | | OpenClaw before 2026.3.31 contains a server-side request forgery vulnerability in the marketplace plugin download functionali... |
| CVE-2026-41296 | | | OpenClaw before 2026.3.31 contains a time-of-check-time-of-use race condition in the remote filesystem bridge readFile functi... |
| CVE-2026-41295 | | | OpenClaw before 2026.4.2 contains an improper trust boundary vulnerability allowing untrusted workspace channel shadows to ex... |
| CVE-2026-41294 | | | OpenClaw before 2026.3.28 loads the current working directory .env file before trusted state-dir configuration, allowing envi... |
| CVE-2026-41241 | | | pretalx is a conference planning tool. Prior to 2026.1.0, The organiser search in the pretalx backend rendered submission tit... |
| CVE-2026-41208 | | | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Versions of @paperclipai/... |
| CVE-2026-41145 | | | MinIO is a high-performance object storage system. Starting in RELEASE.2023-05-18T00-05-36Z and prior to RELEASE.2026-04-11T0... |